nodaddy 1.0.0

package/dist/index.js

@@ -0,0 +1,1977 @@
+#!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/services/state-manager.ts
+var state_manager_exports = {};
+__export(state_manager_exports, {
+  clearAll: () => clearAll,
+  clearConfig: () => clearConfig,
+  createMigration: () => createMigration,
+  getActiveMigration: () => getActiveMigration,
+  getAllMigrations: () => getAllMigrations,
+  getConfig: () => getConfig,
+  getMigration: () => getMigration,
+  getResumableDomains: () => getResumableDomains,
+  getStorePath: () => getStorePath,
+  saveDnsBackup: () => saveDnsBackup,
+  setConfig: () => setConfig,
+  updateDomainStatus: () => updateDomainStatus
+});
+import Conf from "conf";
+import crypto from "crypto";
+function getConfig() {
+  return store.get("config");
+}
+function setConfig(config) {
+  const current = store.get("config");
+  store.set("config", { ...current, ...config });
+}
+function clearConfig() {
+  store.set("config", {});
+}
+function clearAll() {
+  store.clear();
+}
+function getStorePath() {
+  return store.path;
+}
+function createMigration(domains) {
+  const id = crypto.randomUUID();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const domainStates = {};
+  for (const domain of domains) {
+    domainStates[domain] = {
+      domain,
+      status: "pending",
+      dnsRecordsBackup: [],
+      lastUpdated: now
+    };
+  }
+  const migration = {
+    id,
+    startedAt: now,
+    domains: domainStates
+  };
+  const migrations = store.get("migrations");
+  migrations[id] = migration;
+  store.set("migrations", migrations);
+  store.set("activeMigrationId", id);
+  return migration;
+}
+function sanitizeMigration(migration) {
+  for (const domain of Object.values(migration.domains)) {
+    delete domain.authCode;
+  }
+  return migration;
+}
+function getActiveMigration() {
+  const id = store.get("activeMigrationId");
+  if (!id) return null;
+  const migrations = store.get("migrations");
+  const migration = migrations[id];
+  return migration ? sanitizeMigration(migration) : null;
+}
+function getMigration(id) {
+  const migrations = store.get("migrations");
+  const migration = migrations[id];
+  return migration ? sanitizeMigration(migration) : null;
+}
+function updateDomainStatus(migrationId, domain, status, extra) {
+  const migrations = store.get("migrations");
+  const migration = migrations[migrationId];
+  if (!migration) throw new Error(`Migration ${migrationId} not found`);
+  const domainState = migration.domains[domain];
+  if (!domainState) throw new Error(`Domain ${domain} not in migration`);
+  migration.domains[domain] = {
+    ...domainState,
+    // Clear stale error when transitioning to a non-failed status
+    ...status !== "failed" ? { error: void 0 } : {},
+    ...extra,
+    status,
+    lastUpdated: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  store.set("migrations", migrations);
+}
+function saveDnsBackup(migrationId, domain, records) {
+  updateDomainStatus(migrationId, domain, "pending", {
+    dnsRecordsBackup: records
+  });
+}
+function getAllMigrations() {
+  const migrations = store.get("migrations");
+  return Object.values(migrations).sort(
+    (a, b) => new Date(b.startedAt).getTime() - new Date(a.startedAt).getTime()
+  );
+}
+function getResumableDomains(migrationId) {
+  const migration = getMigration(migrationId);
+  if (!migration) return [];
+  return Object.values(migration.domains).filter(
+    (d) => d.status !== "completed" && d.status !== "transfer_initiated"
+  );
+}
+var store;
+var init_state_manager = __esm({
+  "src/services/state-manager.ts"() {
+    "use strict";
+    store = new Conf({
+      projectName: "nodaddy",
+      configFileMode: 384,
+      defaults: {
+        config: {},
+        migrations: {},
+        activeMigrationId: null
+      }
+    });
+  }
+});
+
+// src/index.ts
+import { Command } from "commander";
+
+// src/commands/migrate.ts
+import * as p4 from "@clack/prompts";
+import chalk5 from "chalk";
+
+// src/providers/godaddy.ts
+import { z as z2 } from "zod/v4";
+
+// src/types/godaddy.ts
+import { z } from "zod/v4";
+var GoDaddyDomainSchema = z.object({
+  domain: z.string(),
+  domainId: z.number(),
+  status: z.string(),
+  expires: z.string().optional(),
+  expirationProtected: z.boolean().optional(),
+  holdRegistrar: z.boolean().optional(),
+  locked: z.boolean().optional(),
+  privacy: z.boolean().optional(),
+  renewAuto: z.boolean().optional(),
+  renewable: z.boolean().optional(),
+  transferProtected: z.boolean().optional(),
+  createdAt: z.string().optional(),
+  authCode: z.string().optional(),
+  nameServers: z.array(z.string()).nullable().optional()
+});
+var GoDaddyDnsRecordSchema = z.object({
+  type: z.string(),
+  name: z.string(),
+  data: z.string(),
+  ttl: z.number(),
+  priority: z.number().optional(),
+  weight: z.number().optional(),
+  port: z.number().optional(),
+  service: z.string().optional(),
+  protocol: z.string().optional()
+});
+
+// src/services/rate-limiter.ts
+var RateLimiter = class {
+  timestamps = [];
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  async acquire() {
+    const now = Date.now();
+    this.timestamps = this.timestamps.filter(
+      (t) => now - t < this.config.windowMs
+    );
+    if (this.timestamps.length >= this.config.requests) {
+      const oldest = this.timestamps[0];
+      const waitMs = this.config.windowMs - (now - oldest) + 50;
+      await sleep(waitMs);
+      return this.acquire();
+    }
+    this.timestamps.push(now);
+  }
+};
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var godaddyRateLimiter = new RateLimiter({
+  requests: 55,
+  // 60/min with buffer
+  windowMs: 6e4
+});
+var cloudflareRateLimiter = new RateLimiter({
+  requests: 1100,
+  // 1200/5min with buffer
+  windowMs: 3e5
+});
+
+// src/services/validation.ts
+var DOMAIN_RE = /^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$/;
+function assertValidDomain(domain) {
+  if (domain.length === 0 || domain.length > 253) {
+    throw new Error(`Invalid domain name: ${domain}`);
+  }
+  const labels = domain.split(".");
+  for (const label of labels) {
+    if (label.length === 0 || label.length > 63) {
+      throw new Error(`Invalid domain name: ${domain}`);
+    }
+  }
+  if (!DOMAIN_RE.test(domain)) {
+    throw new Error(`Invalid domain name: ${domain}`);
+  }
+}
+
+// src/providers/godaddy.ts
+var BASE_URL = "https://api.godaddy.com";
+var RESOURCE_LOCK_MAX_RETRIES = 6;
+var RESOURCE_LOCK_BASE_DELAY_MS = 5e3;
+var GoDaddyClient = class {
+  credentials;
+  constructor(credentials) {
+    this.credentials = credentials;
+  }
+  /**
+   * Core fetch with 422 resource lock retry. All request methods use this.
+   */
+  async fetchWithRetry(path, options = {}, onRetry) {
+    for (let attempt = 0; attempt <= RESOURCE_LOCK_MAX_RETRIES; attempt++) {
+      await godaddyRateLimiter.acquire();
+      const res = await fetch(`${BASE_URL}${path}`, {
+        ...options,
+        headers: {
+          Authorization: `sso-key ${this.credentials.apiKey}:${this.credentials.apiSecret}`,
+          "Content-Type": "application/json",
+          ...options.headers
+        }
+      });
+      if (res.ok) return res;
+      const body = await res.text();
+      if (res.status === 422 && body.includes("Resource is being used") && attempt < RESOURCE_LOCK_MAX_RETRIES) {
+        const delay = RESOURCE_LOCK_BASE_DELAY_MS * (attempt + 1);
+        onRetry?.(attempt + 1, RESOURCE_LOCK_MAX_RETRIES, delay / 1e3);
+        await new Promise((r) => setTimeout(r, delay));
+        continue;
+      }
+      throw new GoDaddyApiError(
+        `GoDaddy API error ${res.status}: ${body}`,
+        res.status,
+        body
+      );
+    }
+    throw new Error("Exhausted retries");
+  }
+  async request(path, options = {}, onRetry) {
+    const res = await this.fetchWithRetry(path, options, onRetry);
+    const text2 = await res.text();
+    if (!text2) throw new Error("Expected JSON response but got empty body");
+    return JSON.parse(text2);
+  }
+  async requestVoid(path, options = {}, onRetry) {
+    const res = await this.fetchWithRetry(path, options, onRetry);
+    await res.text();
+  }
+  async requestText(path, onRetry) {
+    const res = await this.fetchWithRetry(path, {}, onRetry);
+    return res.text();
+  }
+  async listDomains() {
+    const data = await this.request(
+      "/v1/domains?limit=1000&statuses=ACTIVE"
+    );
+    return z2.array(GoDaddyDomainSchema).parse(data);
+  }
+  async getDomainDetail(domain) {
+    assertValidDomain(domain);
+    const data = await this.request(`/v1/domains/${domain}`);
+    return GoDaddyDomainSchema.parse(data);
+  }
+  async getDnsRecords(domain) {
+    assertValidDomain(domain);
+    const data = await this.request(
+      `/v1/domains/${domain}/records`
+    );
+    return z2.array(GoDaddyDnsRecordSchema).parse(data);
+  }
+  async removePrivacy(domain, onRetry) {
+    assertValidDomain(domain);
+    await this.requestVoid(
+      `/v1/domains/${domain}/privacy`,
+      { method: "DELETE" },
+      onRetry
+    );
+  }
+  async prepareForTransfer(domain, onRetry) {
+    assertValidDomain(domain);
+    try {
+      await this.requestVoid(
+        `/v1/domains/${domain}`,
+        { method: "PATCH", body: JSON.stringify({ locked: false, renewAuto: false }) },
+        onRetry
+      );
+    } catch (err) {
+      if (err instanceof GoDaddyApiError && !err.responseBody.includes("Resource is being used")) {
+        await this.requestVoid(
+          `/v1/domains/${domain}`,
+          { method: "PATCH", body: JSON.stringify({ locked: false }) },
+          onRetry
+        );
+      } else {
+        throw err;
+      }
+    }
+  }
+  async getAuthCode(domain) {
+    assertValidDomain(domain);
+    try {
+      const text2 = await this.requestText(
+        `/v1/domains/${domain}/transferAuthCode`
+      );
+      try {
+        const parsed = JSON.parse(text2);
+        if (typeof parsed === "string") return parsed;
+        if (Array.isArray(parsed) && typeof parsed[0] === "string")
+          return parsed[0];
+      } catch {
+      }
+      return text2.replace(/^"|"$/g, "");
+    } catch (err) {
+      if (err instanceof GoDaddyApiError && err.statusCode === 404) {
+        const detail = await this.getDomainDetail(domain);
+        if (detail.authCode) return detail.authCode;
+        throw new GoDaddyApiError(
+          `No auth code available for ${domain} \u2014 check GoDaddy dashboard`,
+          404,
+          ""
+        );
+      }
+      throw err;
+    }
+  }
+  async updateNameservers(domain, nameservers, onRetry) {
+    assertValidDomain(domain);
+    await this.requestVoid(
+      `/v1/domains/${domain}`,
+      { method: "PATCH", body: JSON.stringify({ nameServers: nameservers }) },
+      onRetry
+    );
+  }
+  async verifyCredentials() {
+    try {
+      await this.request("/v1/domains?limit=1");
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+var GoDaddyApiError = class extends Error {
+  constructor(message, statusCode, responseBody) {
+    super(message);
+    this.statusCode = statusCode;
+    this.responseBody = responseBody;
+    this.name = "GoDaddyApiError";
+  }
+};
+
+// src/providers/cloudflare.ts
+import { z as z4 } from "zod/v4";
+
+// src/types/cloudflare.ts
+import { z as z3 } from "zod/v4";
+var CloudflareZoneSchema = z3.object({
+  id: z3.string(),
+  name: z3.string(),
+  status: z3.string(),
+  name_servers: z3.array(z3.string()).optional()
+});
+var CloudflareDnsRecordSchema = z3.object({
+  id: z3.string().optional(),
+  type: z3.string(),
+  name: z3.string(),
+  content: z3.string(),
+  ttl: z3.number(),
+  proxied: z3.boolean().optional(),
+  priority: z3.number().optional(),
+  data: z3.record(z3.string(), z3.unknown()).optional()
+});
+
+// src/providers/cloudflare.ts
+var BASE_URL2 = "https://api.cloudflare.com/client/v4";
+var CloudflareClient = class {
+  credentials;
+  constructor(credentials) {
+    this.credentials = credentials;
+  }
+  authHeaders() {
+    if (this.credentials.authType === "global-key") {
+      return {
+        "X-Auth-Key": this.credentials.apiKey,
+        "X-Auth-Email": this.credentials.email
+      };
+    }
+    return {
+      Authorization: `Bearer ${this.credentials.apiToken}`
+    };
+  }
+  async request(path, options = {}) {
+    await cloudflareRateLimiter.acquire();
+    const res = await fetch(`${BASE_URL2}${path}`, {
+      ...options,
+      headers: {
+        ...this.authHeaders(),
+        "Content-Type": "application/json",
+        ...options.headers
+      }
+    });
+    if (!res.ok) {
+      const body = await res.text();
+      throw new CloudflareApiError(
+        `Cloudflare API error ${res.status}: ${body}`,
+        res.status,
+        body
+      );
+    }
+    const text2 = await res.text();
+    if (!text2) throw new Error("Expected JSON response but got empty body");
+    const json = JSON.parse(text2);
+    if (!json.success) {
+      const errorMsg = json.errors.map((e) => `${e.code}: ${e.message}`).join(", ");
+      throw new CloudflareApiError(
+        `Cloudflare API error: ${errorMsg}`,
+        res.status,
+        JSON.stringify(json)
+      );
+    }
+    return json.result;
+  }
+  async createZone(domain) {
+    assertValidDomain(domain);
+    const data = await this.request("/zones", {
+      method: "POST",
+      body: JSON.stringify({
+        name: domain,
+        account: { id: this.credentials.accountId },
+        jump_start: true,
+        type: "full"
+      })
+    });
+    return CloudflareZoneSchema.parse(data);
+  }
+  async getZoneByName(domain) {
+    assertValidDomain(domain);
+    const data = await this.request(
+      `/zones?name=${encodeURIComponent(domain)}&account.id=${this.credentials.accountId}`
+    );
+    const zones = z4.array(CloudflareZoneSchema).parse(data);
+    return zones[0] ?? null;
+  }
+  async getZoneStatus(zoneId) {
+    const data = await this.request(`/zones/${zoneId}`);
+    return CloudflareZoneSchema.parse(data);
+  }
+  async createDnsRecord(zoneId, record) {
+    const data = await this.request(
+      `/zones/${zoneId}/dns_records`,
+      {
+        method: "POST",
+        body: JSON.stringify(record)
+      }
+    );
+    return CloudflareDnsRecordSchema.parse(data);
+  }
+  async verifyCredentials() {
+    try {
+      const endpoint = this.credentials.authType === "global-key" ? "/user" : "/user/tokens/verify";
+      await this.request(endpoint);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async checkAuthCode(domain, authCode) {
+    assertValidDomain(domain);
+    const encoded = Buffer.from(authCode).toString("base64");
+    return this.request(
+      `/accounts/${this.credentials.accountId}/registrar/domains/${domain}/check_auth`,
+      {
+        method: "POST",
+        body: JSON.stringify({ auth_code: encoded })
+      }
+    );
+  }
+  async initiateTransfer(zoneId, domain, authCode, contact) {
+    assertValidDomain(domain);
+    const encoded = Buffer.from(authCode).toString("base64");
+    return this.request(
+      `/zones/${zoneId}/registrar/domains/${domain}/transfer`,
+      {
+        method: "POST",
+        body: JSON.stringify({
+          auth_code: encoded,
+          auto_renew: true,
+          years: 1,
+          privacy: true,
+          import_dns: true,
+          registrant: contact,
+          fee_acknowledgement: {
+            transfer_fee: 0,
+            icann_fee: 0
+          }
+        })
+      }
+    );
+  }
+  async waitForZoneActive(zoneId, timeoutMs = 3e5, pollIntervalMs = 1e4) {
+    const start = Date.now();
+    while (Date.now() - start < timeoutMs) {
+      const zone = await this.getZoneStatus(zoneId);
+      if (zone.status === "active") return zone;
+      await new Promise((r) => setTimeout(r, pollIntervalMs));
+    }
+    throw new CloudflareApiError(
+      `Zone ${zoneId} did not become active within ${timeoutMs / 1e3}s`,
+      408,
+      ""
+    );
+  }
+};
+var CloudflareApiError = class extends Error {
+  constructor(message, statusCode, responseBody) {
+    super(message);
+    this.statusCode = statusCode;
+    this.responseBody = responseBody;
+    this.name = "CloudflareApiError";
+  }
+};
+
+// src/ui/wizard.ts
+init_state_manager();
+import * as p from "@clack/prompts";
+import chalk from "chalk";
+function credentialsFromEnv() {
+  const gdKey = process.env.GODADDY_API_KEY;
+  const gdSecret = process.env.GODADDY_API_SECRET;
+  const cfAccountId = process.env.CLOUDFLARE_ACCOUNT_ID;
+  if (!gdKey || !gdSecret || !cfAccountId) return null;
+  const cfApiKey = process.env.CLOUDFLARE_API_KEY;
+  const cfEmail = process.env.CLOUDFLARE_EMAIL;
+  const cfToken = process.env.CLOUDFLARE_API_TOKEN;
+  let cloudflare;
+  if (cfApiKey && cfEmail) {
+    cloudflare = { authType: "global-key", apiKey: cfApiKey, email: cfEmail, accountId: cfAccountId };
+  } else if (cfToken) {
+    cloudflare = { authType: "token", apiToken: cfToken, accountId: cfAccountId };
+  } else {
+    return null;
+  }
+  return {
+    godaddy: { apiKey: gdKey, apiSecret: gdSecret },
+    cloudflare
+  };
+}
+async function collectCredentials() {
+  const envCreds = credentialsFromEnv();
+  if (envCreds) {
+    p.log.info("Using credentials from environment variables.");
+    return envCreds;
+  }
+  const config = getConfig();
+  const hasGoDaddy = config.godaddy?.apiKey && config.godaddy?.apiSecret;
+  const hasCloudflare = config.cloudflare?.accountId && (config.cloudflare?.apiToken || config.cloudflare?.apiKey);
+  let useStored = false;
+  if (hasGoDaddy && hasCloudflare) {
+    useStored = await p.confirm({
+      message: "Use stored API credentials?",
+      initialValue: true
+    });
+    if (p.isCancel(useStored)) {
+      p.cancel("Migration cancelled.");
+      process.exit(0);
+    }
+  }
+  if (useStored && hasGoDaddy && hasCloudflare) {
+    const cf = config.cloudflare;
+    const cloudflare2 = cf.authType === "global-key" ? { authType: "global-key", apiKey: cf.apiKey, email: cf.email, accountId: cf.accountId } : { authType: "token", apiToken: cf.apiToken, accountId: cf.accountId };
+    return {
+      godaddy: config.godaddy,
+      cloudflare: cloudflare2
+    };
+  }
+  p.note(
+    "GoDaddy: Create a Production API key (not OTE/Test) at\n  https://developer.godaddy.com/keys\n\nCloudflare: Use your Global API Key (bottom of page) at\n  https://dash.cloudflare.com/profile/api-tokens\n  Account ID is on any zone overview page.",
+    "API Credentials Required"
+  );
+  const gdCreds = await p.group(
+    {
+      gdKey: () => p.text({
+        message: "GoDaddy API Key",
+        placeholder: "e.g. dLf3...",
+        validate: (v) => {
+          if (!v?.trim()) return "API key is required";
+        }
+      }),
+      gdSecret: () => p.password({
+        message: "GoDaddy API Secret",
+        validate: (v) => {
+          if (!v?.trim()) return "API secret is required";
+        }
+      })
+    },
+    { onCancel: () => {
+      p.cancel("Migration cancelled.");
+      process.exit(0);
+    } }
+  );
+  const cfAuthType = await p.select({
+    message: "Cloudflare auth method",
+    options: [
+      { value: "global-key", label: "Global API Key", hint: "recommended \u2014 supports registrar transfers" },
+      { value: "token", label: "Scoped API Token", hint: "limited \u2014 no registrar transfer support" }
+    ]
+  });
+  if (p.isCancel(cfAuthType)) {
+    p.cancel("Migration cancelled.");
+    process.exit(0);
+  }
+  let cloudflare;
+  if (cfAuthType === "global-key") {
+    const cfCreds = await p.group(
+      {
+        email: () => p.text({
+          message: "Cloudflare account email",
+          placeholder: "you@example.com",
+          validate: (v) => {
+            if (!v?.trim()) return "Email is required";
+          }
+        }),
+        apiKey: () => p.password({
+          message: "Cloudflare Global API Key",
+          validate: (v) => {
+            if (!v?.trim()) return "API key is required";
+          }
+        }),
+        accountId: () => p.text({
+          message: "Cloudflare Account ID",
+          placeholder: "Found on any zone overview page",
+          validate: (v) => {
+            if (!v?.trim()) return "Account ID is required";
+          }
+        })
+      },
+      { onCancel: () => {
+        p.cancel("Migration cancelled.");
+        process.exit(0);
+      } }
+    );
+    cloudflare = {
+      authType: "global-key",
+      apiKey: cfCreds.apiKey,
+      email: cfCreds.email,
+      accountId: cfCreds.accountId
+    };
+  } else {
+    const cfCreds = await p.group(
+      {
+        apiToken: () => p.password({
+          message: "Cloudflare API Token",
+          validate: (v) => {
+            if (!v?.trim()) return "API token is required";
+          }
+        }),
+        accountId: () => p.text({
+          message: "Cloudflare Account ID",
+          placeholder: "Found on any zone overview page",
+          validate: (v) => {
+            if (!v?.trim()) return "Account ID is required";
+          }
+        })
+      },
+      { onCancel: () => {
+        p.cancel("Migration cancelled.");
+        process.exit(0);
+      } }
+    );
+    cloudflare = {
+      authType: "token",
+      apiToken: cfCreds.apiToken,
+      accountId: cfCreds.accountId
+    };
+  }
+  const save = await p.confirm({
+    message: "Save credentials for future use?",
+    initialValue: true
+  });
+  if (p.isCancel(save)) {
+    p.cancel("Migration cancelled.");
+    process.exit(0);
+  }
+  const result = {
+    godaddy: {
+      apiKey: gdCreds.gdKey,
+      apiSecret: gdCreds.gdSecret
+    },
+    cloudflare
+  };
+  if (save) {
+    setConfig({
+      godaddy: result.godaddy,
+      cloudflare: cloudflare.authType === "global-key" ? { authType: "global-key", apiKey: cloudflare.apiKey, email: cloudflare.email, accountId: cloudflare.accountId } : { authType: "token", apiToken: cloudflare.apiToken, accountId: cloudflare.accountId }
+    });
+    p.log.success("Credentials saved.");
+  }
+  return result;
+}
+async function collectMigrationOptions(overrides) {
+  const options = await p.group(
+    {
+      migrateRecords: () => p.confirm({
+        message: "Migrate DNS records to Cloudflare?",
+        initialValue: true
+      }),
+      proxied: () => p.confirm({
+        message: "Proxy records through Cloudflare (orange cloud)?",
+        initialValue: false
+      })
+    },
+    {
+      onCancel: () => {
+        p.cancel("Migration cancelled.");
+        process.exit(0);
+      }
+    }
+  );
+  let dryRun = overrides?.dryRun ?? false;
+  if (!overrides?.dryRun) {
+    const answer = await p.confirm({
+      message: "Dry run first? (preview without making changes)",
+      initialValue: false
+    });
+    if (p.isCancel(answer)) {
+      p.cancel("Migration cancelled.");
+      process.exit(0);
+    }
+    dryRun = answer;
+  }
+  return {
+    migrateRecords: options.migrateRecords,
+    proxied: options.proxied,
+    dryRun
+  };
+}
+async function collectRegistrantContact() {
+  const config = getConfig();
+  if (config.registrantContact) {
+    const saved = config.registrantContact;
+    const useStored = await p.confirm({
+      message: `Use saved registrant contact? (${saved.first_name} ${saved.last_name}, ${saved.email})`,
+      initialValue: true
+    });
+    if (p.isCancel(useStored)) {
+      p.cancel("Migration cancelled.");
+      process.exit(0);
+    }
+    if (useStored) return saved;
+  }
+  p.note(
+    "ICANN requires registrant contact info for all domain transfers.\nCloudflare enables free WHOIS privacy by default, so this\ninformation will not be publicly visible after the transfer.",
+    "Registrant Contact"
+  );
+  const contact = await p.group(
+    {
+      first_name: () => p.text({
+        message: "First name",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      last_name: () => p.text({
+        message: "Last name",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      email: () => p.text({
+        message: "Email",
+        placeholder: "you@example.com",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      phone: () => p.text({
+        message: "Phone",
+        placeholder: "+1.5551234567",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      address: () => p.text({
+        message: "Street address",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      address2: () => p.text({
+        message: "Address line 2 (optional)",
+        defaultValue: ""
+      }),
+      city: () => p.text({
+        message: "City",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      state: () => p.text({
+        message: "State / Province",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      zip: () => p.text({
+        message: "Postal code",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      }),
+      country: () => p.text({
+        message: "Country code",
+        placeholder: "US",
+        validate: (v) => {
+          if (!v?.trim()) return "Required";
+        }
+      })
+    },
+    { onCancel: () => {
+      p.cancel("Migration cancelled.");
+      process.exit(0);
+    } }
+  );
+  const result = {
+    first_name: contact.first_name,
+    last_name: contact.last_name,
+    organization: "",
+    address: contact.address,
+    address2: contact.address2 ?? "",
+    city: contact.city,
+    state: contact.state,
+    zip: contact.zip,
+    country: contact.country,
+    phone: contact.phone,
+    email: contact.email
+  };
+  setConfig({ registrantContact: result });
+  p.log.success("Registrant contact saved for future transfers.");
+  return result;
+}
+async function confirmTransferCost(domainCount) {
+  p.note(
+    `Each domain transfer includes a 1-year renewal charged at
+Cloudflare's at-cost pricing. Cost varies by TLD \u2014 common
+examples: .com ~$9.15, .net ~$10.50, .org ~$10.00/year.
+Other TLDs may cost more. Check Cloudflare's pricing for details.
+
+Payment is billed to the card on file in your Cloudflare account.
+Domains to transfer: ${chalk.bold(domainCount)}`,
+    "Transfer Cost"
+  );
+  const confirmed = await p.confirm({
+    message: `I understand that ${chalk.bold(domainCount)} domain transfer${domainCount === 1 ? "" : "s"} will be charged to my Cloudflare account`,
+    initialValue: true
+  });
+  if (p.isCancel(confirmed)) {
+    p.cancel("Migration cancelled.");
+    process.exit(0);
+  }
+  return confirmed;
+}
+async function confirmMigration(domainCount, dryRun) {
+  const action = dryRun ? "preview migration for" : "start migration for";
+  const confirmed = await p.confirm({
+    message: `Proceed to ${action} ${chalk.bold(domainCount)} domain${domainCount === 1 ? "" : "s"}?`,
+    initialValue: true
+  });
+  if (p.isCancel(confirmed)) {
+    p.cancel("Migration cancelled.");
+    process.exit(0);
+  }
+  return confirmed;
+}
+
+// src/ui/domain-selector.ts
+import * as p2 from "@clack/prompts";
+import chalk2 from "chalk";
+async function selectDomains(domains, selectAll) {
+  if (selectAll) {
+    return domains.map((d) => d.domain);
+  }
+  const mode = await p2.select({
+    message: `${domains.length} domains available \u2014 migrate all or choose?`,
+    options: [
+      { value: "all", label: "All domains" },
+      { value: "pick", label: "Let me choose" }
+    ]
+  });
+  if (p2.isCancel(mode)) {
+    p2.cancel("Migration cancelled.");
+    process.exit(0);
+  }
+  if (mode === "all") {
+    return domains.map((d) => d.domain);
+  }
+  const options = domains.map((d) => {
+    const expires = d.expires ? new Date(d.expires).toLocaleDateString() : "unknown";
+    const locked = d.locked ? "locked" : "unlocked";
+    const privacy = d.privacy ? "privacy" : "no privacy";
+    let expiryWarning = "";
+    if (d.expires) {
+      const daysUntilExpiry = (new Date(d.expires).getTime() - Date.now()) / (1e3 * 60 * 60 * 24);
+      if (daysUntilExpiry < 30) {
+        expiryWarning = chalk2.yellow(" \u26A0 expires soon");
+      }
+    }
+    return {
+      value: d.domain,
+      label: d.domain,
+      hint: `expires ${expires}, ${locked}, ${privacy}${expiryWarning}`
+    };
+  });
+  const selected = await p2.multiselect({
+    message: `Select domains to migrate (${domains.length} available)`,
+    options,
+    required: true
+  });
+  if (p2.isCancel(selected)) {
+    p2.cancel("Migration cancelled.");
+    process.exit(0);
+  }
+  return selected;
+}
+
+// src/ui/dns-preview.ts
+import * as p3 from "@clack/prompts";
+import chalk3 from "chalk";
+
+// src/services/dns-migrator.ts
+var SKIP_TYPES = /* @__PURE__ */ new Set(["SOA"]);
+function isGoDaddyParking(record) {
+  if (record.type === "A" && record.name === "@" && record.data === "Parked") {
+    return true;
+  }
+  if (record.type === "CNAME" && (record.data.endsWith(".secureserver.net") || record.data.endsWith(".domaincontrol.com"))) {
+    return true;
+  }
+  return false;
+}
+function mapGoDaddyToCloudflare(records, domain, proxied = false) {
+  const mapped = [];
+  for (const record of records) {
+    if (SKIP_TYPES.has(record.type)) continue;
+    if (record.type === "NS" && record.name === "@") continue;
+    if (isGoDaddyParking(record)) continue;
+    const cfRecord = mapRecord(record, domain, proxied);
+    if (cfRecord) mapped.push(cfRecord);
+  }
+  return mapped;
+}
+function mapRecord(record, domain, proxied) {
+  const name = record.name === "@" ? domain : `${record.name}.${domain}`;
+  const ttl = record.ttl < 120 ? 1 : record.ttl;
+  switch (record.type) {
+    case "A":
+    case "AAAA":
+      return {
+        type: record.type,
+        name,
+        content: record.data,
+        ttl,
+        proxied
+      };
+    case "CNAME":
+      return {
+        type: "CNAME",
+        name,
+        content: record.data === "@" ? domain : record.data,
+        ttl,
+        proxied
+      };
+    case "MX":
+      return {
+        type: "MX",
+        name,
+        content: record.data,
+        ttl,
+        priority: record.priority ?? 10
+      };
+    case "TXT":
+      return {
+        type: "TXT",
+        name,
+        content: record.data,
+        ttl
+      };
+    case "SRV": {
+      const srvName = record.service && record.protocol ? `${record.service}.${record.protocol}.${name}` : name;
+      return {
+        type: "SRV",
+        name: srvName,
+        content: `${record.priority ?? 0} ${record.weight ?? 0} ${record.port ?? 0} ${record.data}`,
+        ttl,
+        data: {
+          priority: record.priority ?? 0,
+          weight: record.weight ?? 0,
+          port: record.port ?? 0,
+          target: record.data,
+          service: record.service ?? "",
+          proto: record.protocol ?? "",
+          name
+        }
+      };
+    }
+    case "CAA": {
+      const parts = record.data.match(/^(\d+)\s+(\S+)\s+(.+)$/);
+      if (!parts) return null;
+      return {
+        type: "CAA",
+        name,
+        content: record.data,
+        ttl,
+        data: {
+          flags: parseInt(parts[1], 10),
+          tag: parts[2],
+          value: parts[3]
+        }
+      };
+    }
+    case "NS":
+      return {
+        type: "NS",
+        name,
+        content: record.data,
+        ttl
+      };
+    default:
+      return null;
+  }
+}
+async function migrateDnsRecords(cloudflare, zoneId, records) {
+  let created = 0;
+  const failed = [];
+  for (const record of records) {
+    try {
+      await cloudflare.createDnsRecord(zoneId, record);
+      created++;
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      if (message.includes("already exists")) {
+        created++;
+      } else {
+        failed.push({ record, error: message });
+      }
+    }
+  }
+  return { created, failed };
+}
+
+// src/ui/dns-preview.ts
+function summarizeRecords(records) {
+  const counts = /* @__PURE__ */ new Map();
+  for (const r of records) {
+    counts.set(r.type, (counts.get(r.type) ?? 0) + 1);
+  }
+  const parts = [...counts.entries()].sort(([a], [b]) => a.localeCompare(b)).map(([type, count]) => `${count} ${type}`);
+  return `${parts.join(", ")} ${chalk3.dim(`(${records.length} total)`)}`;
+}
+function formatRecordDetail(record) {
+  const type = chalk3.cyan(record.type.padEnd(6));
+  const name = chalk3.bold(record.name);
+  const content = record.content.length > 60 ? record.content.slice(0, 57) + "..." : record.content;
+  const priority = record.priority !== void 0 ? ` (pri: ${record.priority})` : "";
+  return `  ${type} ${name} \u2192 ${content}${priority}`;
+}
+async function previewDnsRecords(godaddy, domains) {
+  const s = p3.spinner();
+  s.start(`Fetching DNS records for ${domains.length} domain${domains.length === 1 ? "" : "s"}...`);
+  const previews = [];
+  const errors = [];
+  for (const domain of domains) {
+    try {
+      const gdRecords = await godaddy.getDnsRecords(domain);
+      const cfRecords = mapGoDaddyToCloudflare(gdRecords, domain);
+      previews.push({ domain, records: cfRecords });
+    } catch (err) {
+      errors.push({ domain, error: err instanceof Error ? err.message : String(err) });
+    }
+  }
+  s.stop("DNS records fetched");
+  p3.log.message(chalk3.bold("DNS records to migrate:"));
+  for (const { domain, records } of previews) {
+    if (records.length === 0) {
+      p3.log.message(`  ${chalk3.bold(domain)} \u2192 ${chalk3.dim("no records to migrate")}`);
+    } else {
+      p3.log.message(`  ${chalk3.bold(domain)} \u2192 ${summarizeRecords(records)}`);
+    }
+  }
+  for (const { domain, error } of errors) {
+    p3.log.message(`  ${chalk3.bold(domain)} \u2192 ${chalk3.red(`failed: ${error}`)}`);
+  }
+  const domainsWithRecords = previews.filter((p9) => p9.records.length > 0);
+  if (domainsWithRecords.length === 0) return;
+  let viewMore = true;
+  while (viewMore) {
+    const choice = await p3.select({
+      message: "View detailed records for a domain?",
+      options: [
+        { value: "__skip__", label: "Continue", hint: "proceed to migration options" },
+        ...domainsWithRecords.map((d) => ({
+          value: d.domain,
+          label: d.domain,
+          hint: `${d.records.length} records`
+        }))
+      ]
+    });
+    if (p3.isCancel(choice) || choice === "__skip__") {
+      viewMore = false;
+      break;
+    }
+    const preview = domainsWithRecords.find((d) => d.domain === choice);
+    if (preview) {
+      p3.log.message(chalk3.bold(`
+${preview.domain} records:`));
+      for (const record of preview.records) {
+        p3.log.message(formatRecordDetail(record));
+      }
+      p3.log.message("");
+    }
+  }
+}
+
+// src/services/transfer-engine.ts
+init_state_manager();
+
+// src/services/errors.ts
+import chalk4 from "chalk";
+var GODADDY_HINTS = [
+  {
+    match: (_, status) => status === 401 || status === 403,
+    suggestion: "Check your GoDaddy API key and secret at https://developer.godaddy.com/keys"
+  },
+  {
+    match: (_, status) => status === 429,
+    suggestion: "GoDaddy rate limit hit. Wait a minute and try again, or reduce concurrency."
+  },
+  {
+    match: (msg) => msg.includes("DOMAIN_LOCKED"),
+    suggestion: "Domain is locked. It may take a few minutes after unlocking before GoDaddy reflects the change."
+  },
+  {
+    match: (msg) => msg.includes("409") || msg.includes("Conflict"),
+    suggestion: "The auth code may have been sent to your email instead. Check your inbox and use `nodaddy resume` to continue."
+  },
+  {
+    match: (msg) => msg.includes("UNABLE_TO_AUTHENTICATE") || msg.includes("NOT_FOUND"),
+    suggestion: "Make sure you are using a Production API key (not OTE/Test) at https://developer.godaddy.com/keys"
+  }
+];
+var CLOUDFLARE_HINTS = [
+  {
+    match: (_, status) => status === 401 || status === 403,
+    suggestion: "Check your Cloudflare API token permissions. Required: Zone:Edit, DNS:Edit, Registrar Domains:Edit"
+  },
+  {
+    match: (msg) => msg.includes("already exists"),
+    suggestion: "This zone already exists in Cloudflare. You may need to delete it first or use the existing zone."
+  },
+  {
+    match: (_, status) => status === 429,
+    suggestion: "Cloudflare rate limit hit. The tool will automatically retry with backoff."
+  },
+  {
+    match: (msg) => msg.includes("not_registrable"),
+    suggestion: "This TLD cannot be transferred to Cloudflare Registrar. DNS-only setup is still possible."
+  },
+  {
+    match: (msg) => msg.includes("did not become active"),
+    suggestion: "Nameserver changes can take up to 48 hours to propagate. Run `nodaddy resume` to retry later."
+  }
+];
+function formatError(err, provider, plain = false) {
+  const message = err instanceof Error ? err.message : String(err);
+  const statusCode = err.statusCode;
+  const hints = provider === "godaddy" ? GODADDY_HINTS : provider === "cloudflare" ? CLOUDFLARE_HINTS : [...GODADDY_HINTS, ...CLOUDFLARE_HINTS];
+  const hint = hints.find((h) => h.match(message, statusCode));
+  if (hint) {
+    return plain ? `${message} | Suggestion: ${hint.suggestion}` : `${message}
+  ${chalk4.yellow("Suggestion:")} ${hint.suggestion}`;
+  }
+  return message;
+}
+
+// src/services/transfer-engine.ts
+var GODADDY_RESOURCE_LOCK_DELAY_MS = 5e3;
+var UNSUPPORTED_TLDS = /* @__PURE__ */ new Set([
+  "uk",
+  "co.uk",
+  "org.uk",
+  "me.uk",
+  "de",
+  "ca",
+  "au",
+  "com.au",
+  "net.au",
+  "jp",
+  "eu",
+  "be",
+  "fr",
+  "nl"
+]);
+function preflightCheck(domain) {
+  const reasons = [];
+  if (domain.status !== "ACTIVE") {
+    reasons.push(
+      `Status is ${domain.status} \u2014 domain must be ACTIVE to transfer. Check your GoDaddy dashboard for holds or suspensions.`
+    );
+  }
+  if (domain.createdAt) {
+    const created = new Date(domain.createdAt);
+    const daysSinceCreation = (Date.now() - created.getTime()) / (1e3 * 60 * 60 * 24);
+    if (daysSinceCreation < 60) {
+      const daysRemaining = Math.ceil(60 - daysSinceCreation);
+      reasons.push(
+        `Domain is only ${Math.floor(daysSinceCreation)} days old \u2014 ICANN requires 60 days before transfer. Try again in ${daysRemaining} day${daysRemaining === 1 ? "" : "s"}.`
+      );
+    }
+  }
+  const tld = domain.domain.split(".").slice(1).join(".");
+  if (UNSUPPORTED_TLDS.has(tld)) {
+    reasons.push(
+      `TLD .${tld} is not supported by Cloudflare Registrar \u2014 see https://www.cloudflare.com/tld-policies/ for supported TLDs`
+    );
+  }
+  if (domain.transferProtected) {
+    reasons.push(
+      "Domain Protection is enabled \u2014 disable at https://dcc.godaddy.com \u2192 select domain \u2192 Secure \u2192 downgrade to None (requires identity verification)"
+    );
+  }
+  return {
+    domain: domain.domain,
+    eligible: reasons.length === 0,
+    reasons
+  };
+}
+async function transferDomain(godaddy, cloudflare, domain, migrationId, options, contact, onProgress) {
+  const report = (step, status, error) => {
+    onProgress?.({ domain, step, status, error });
+  };
+  const retryReporter = (action, currentStatus) => (attempt, maxRetries, delaySec) => {
+    report(
+      `${action} \u2014 GoDaddy resource locked, retrying in ${delaySec}s (${attempt}/${maxRetries})`,
+      currentStatus
+    );
+  };
+  try {
+    report("Exporting DNS records", "pending");
+    const dnsRecords = await godaddy.getDnsRecords(domain);
+    saveDnsBackup(migrationId, domain, dnsRecords);
+    if (options.dryRun) {
+      report("Dry run \u2014 would migrate DNS records", "pending");
+      return;
+    }
+    report("Creating Cloudflare zone", "pending");
+    let zone;
+    try {
+      zone = await cloudflare.createZone(domain);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "";
+      if (message.includes("already exists")) {
+        report("Zone already exists, looking up", "pending");
+        const existing = await cloudflare.getZoneByName(domain);
+        if (existing) {
+          zone = existing;
+        } else {
+          throw err;
+        }
+      } else {
+        throw err;
+      }
+    }
+    const zoneId = zone.id;
+    const nameservers = zone.name_servers ?? [];
+    updateDomainStatus(migrationId, domain, "pending", {
+      cloudflareZoneId: zoneId,
+      cloudflareNameservers: nameservers
+    });
+    if (options.migrateRecords) {
+      report("Migrating DNS records", "pending");
+      const cfRecords = mapGoDaddyToCloudflare(dnsRecords, domain, options.proxied);
+      const result = await migrateDnsRecords(cloudflare, zoneId, cfRecords);
+      if (result.failed.length > 0) {
+        report(
+          `DNS migration: ${result.created} created, ${result.failed.length} failed`,
+          "pending"
+        );
+      }
+    }
+    updateDomainStatus(migrationId, domain, "dns_migrated");
+    report("DNS migrated", "dns_migrated");
+    report("Removing WHOIS privacy", "dns_migrated");
+    try {
+      await godaddy.removePrivacy(domain, retryReporter("Removing WHOIS privacy", "dns_migrated"));
+    } catch (privacyErr) {
+      const msg = privacyErr instanceof Error ? privacyErr.message : "";
+      if (!msg.includes("404") && !msg.includes("409")) {
+        report(`Privacy removal failed (non-blocking): ${msg}`, "dns_migrated");
+      }
+    }
+    await new Promise((r) => setTimeout(r, GODADDY_RESOURCE_LOCK_DELAY_MS));
+    report("Unlocking + disabling auto-renew", "dns_migrated");
+    await godaddy.prepareForTransfer(domain, retryReporter("Unlocking + disabling auto-renew", "dns_migrated"));
+    report("Waiting for unlock to propagate", "dns_migrated");
+    let unlocked = false;
+    for (let attempt = 0; attempt < 6; attempt++) {
+      await new Promise((r) => setTimeout(r, GODADDY_RESOURCE_LOCK_DELAY_MS));
+      const detail = await godaddy.getDomainDetail(domain);
+      if (!detail.locked) {
+        unlocked = true;
+        break;
+      }
+    }
+    if (!unlocked) {
+      throw new Error(
+        `Domain ${domain} is still locked after prepareForTransfer (unlock + disable auto-renew)`
+      );
+    }
+    updateDomainStatus(migrationId, domain, "unlocked");
+    report("Domain unlocked", "unlocked");
+    report("Fetching auth code", "unlocked");
+    const authCode = await godaddy.getAuthCode(domain);
+    updateDomainStatus(migrationId, domain, "auth_obtained");
+    report("Auth code obtained", "auth_obtained");
+    if (nameservers.length > 0) {
+      report("Updating nameservers", "auth_obtained");
+      await godaddy.updateNameservers(domain, nameservers, retryReporter("Updating nameservers", "auth_obtained"));
+      updateDomainStatus(migrationId, domain, "ns_changed");
+      report("Nameservers updated", "ns_changed");
+    }
+    if (contact) {
+      report("Waiting for zone activation (may take a few minutes)", "ns_changed");
+      await cloudflare.waitForZoneActive(zoneId);
+      report("Validating auth code", "ns_changed");
+      await cloudflare.checkAuthCode(domain, authCode);
+      report("Initiating transfer", "ns_changed");
+      await cloudflare.initiateTransfer(zoneId, domain, authCode, contact);
+      updateDomainStatus(migrationId, domain, "transfer_initiated");
+      report("Transfer initiated", "transfer_initiated");
+    } else {
+      updateDomainStatus(migrationId, domain, "completed");
+      report("DNS migrated (no registrar transfer \u2014 use Global API Key to enable)", "completed");
+    }
+    return { authCode };
+  } catch (err) {
+    const rawMessage = err instanceof Error ? err.message : String(err);
+    const provider = rawMessage.includes("GoDaddy") ? "godaddy" : rawMessage.includes("Cloudflare") ? "cloudflare" : void 0;
+    const message = formatError(err, provider);
+    const persistedError = formatError(err, provider, true);
+    updateDomainStatus(migrationId, domain, "failed", {
+      error: persistedError
+    });
+    report(message, "failed", message);
+    throw err;
+  }
+}
+
+// src/ui/progress.ts
+import { Listr } from "listr2";
+function createMigrationTasks(domains, godaddy, cloudflare, migrationId, options, contact) {
+  return new Listr(
+    domains.map((domain) => ({
+      title: domain,
+      task: async (ctx, task) => {
+        try {
+          const result = await transferDomain(
+            godaddy,
+            cloudflare,
+            domain,
+            migrationId,
+            options,
+            contact,
+            (progress) => {
+              task.title = `${domain} \u2014 ${progress.step}`;
+            }
+          );
+          ctx.results.set(domain, {
+            success: true,
+            authCode: result?.authCode
+          });
+          task.title = `${domain} \u2713`;
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          ctx.results.set(domain, { success: false, error: message });
+          task.title = `${domain} \u2717 ${message}`;
+          throw err;
+        }
+      },
+      exitOnError: false
+    })),
+    {
+      concurrent: 8,
+      exitOnError: false,
+      rendererOptions: {
+        collapseErrors: false
+      }
+    }
+  );
+}
+
+// src/commands/migrate.ts
+init_state_manager();
+async function migrateCommand(opts) {
+  p4.intro(chalk5.bgCyan.black(" nodaddy "));
+  const creds = await collectCredentials();
+  const s = p4.spinner();
+  s.start("Verifying API credentials...");
+  const godaddy = new GoDaddyClient(creds.godaddy);
+  const cloudflare = new CloudflareClient(creds.cloudflare);
+  const [gdValid, cfValid] = await Promise.all([
+    godaddy.verifyCredentials(),
+    cloudflare.verifyCredentials()
+  ]);
+  if (!gdValid) {
+    s.stop("GoDaddy credentials invalid");
+    p4.log.error("Failed to authenticate with GoDaddy API. Check your API key and secret.");
+    process.exit(1);
+  }
+  if (!cfValid) {
+    s.stop("Cloudflare credentials invalid");
+    p4.log.error("Failed to authenticate with Cloudflare API. Check your API token.");
+    process.exit(1);
+  }
+  s.stop("API credentials verified");
+  s.start("Fetching domains from GoDaddy...");
+  let domains;
+  try {
+    domains = await godaddy.listDomains();
+  } catch (err) {
+    s.stop("Failed to fetch domains");
+    p4.log.error(err instanceof Error ? err.message : String(err));
+    process.exit(1);
+  }
+  s.stop(`Found ${chalk5.bold(domains.length)} active domains`);
+  if (domains.length === 0) {
+    p4.log.warn("No active domains found in your GoDaddy account.");
+    p4.outro("Nothing to migrate.");
+    return;
+  }
+  const selected = await selectDomains(domains, opts.all ?? false);
+  if (selected.length === 0) {
+    p4.outro("No domains selected.");
+    return;
+  }
+  s.start("Running preflight checks...");
+  const selectedDomainDetails = await Promise.all(
+    selected.map((d) => godaddy.getDomainDetail(d))
+  );
+  const preflightResults = selectedDomainDetails.map(preflightCheck);
+  const eligible = preflightResults.filter((r) => r.eligible);
+  const ineligible = preflightResults.filter((r) => !r.eligible);
+  s.stop(
+    `${chalk5.green(eligible.length)} eligible, ${chalk5.red(ineligible.length)} ineligible`
+  );
+  if (ineligible.length > 0) {
+    p4.log.warn("Ineligible domains:");
+    for (const result of ineligible) {
+      p4.log.message(
+        `  ${chalk5.red("\u2717")} ${result.domain}: ${result.reasons.join(", ")}`
+      );
+    }
+  }
+  if (eligible.length === 0) {
+    p4.outro("No eligible domains to migrate.");
+    return;
+  }
+  const eligibleDomains = eligible.map((r) => r.domain);
+  await previewDnsRecords(godaddy, eligibleDomains);
+  const migrationOptions = await collectMigrationOptions(
+    opts.dryRun ? { dryRun: true } : void 0
+  );
+  const canTransfer = creds.cloudflare.authType === "global-key";
+  if (!migrationOptions.dryRun && canTransfer) {
+    const costConfirmed = await confirmTransferCost(eligible.length);
+    if (!costConfirmed) {
+      p4.outro("Migration cancelled.");
+      return;
+    }
+  }
+  let contact;
+  if (migrationOptions.dryRun) {
+    contact = void 0;
+  } else if (canTransfer) {
+    contact = await collectRegistrantContact();
+  } else {
+    p4.log.warn(
+      "Scoped API tokens do not support registrar transfers. DNS will be migrated but domains will not be transferred."
+    );
+    contact = void 0;
+  }
+  const confirmed = await confirmMigration(
+    eligible.length,
+    migrationOptions.dryRun
+  );
+  if (!confirmed) {
+    p4.outro("Migration cancelled.");
+    return;
+  }
+  const migration = createMigration(eligibleDomains);
+  p4.log.step(
+    migrationOptions.dryRun ? "Starting dry run..." : "Starting migration..."
+  );
+  const tasks = createMigrationTasks(
+    eligibleDomains,
+    godaddy,
+    cloudflare,
+    migration.id,
+    migrationOptions,
+    contact
+  );
+  const ctx = { results: /* @__PURE__ */ new Map() };
+  try {
+    await tasks.run(ctx);
+  } catch {
+  }
+  const succeeded = eligibleDomains.filter(
+    (d) => ctx.results.get(d)?.success
+  );
+  const failed = eligibleDomains.filter(
+    (d) => !ctx.results.get(d)?.success
+  );
+  if (migrationOptions.dryRun) {
+    p4.log.success(`Preview run finished for ${succeeded.length}/${eligible.length} domains`);
+  } else if (succeeded.length === eligible.length) {
+    p4.log.success(`Migration run finished for ${succeeded.length}/${eligible.length} domains`);
+  } else if (succeeded.length > 0) {
+    p4.log.warn(
+      `Migration run finished: ${chalk5.green(succeeded.length)} succeeded, ${chalk5.red(failed.length)} failed`
+    );
+  } else {
+    p4.log.error(
+      `Migration failed for all ${eligible.length} domain${eligible.length === 1 ? "" : "s"}`
+    );
+  }
+  if (!migrationOptions.dryRun && succeeded.length > 0) {
+    p4.note(
+      `Transfers initiated for ${succeeded.length} domain${succeeded.length === 1 ? "" : "s"}.
+
+Track progress:
+  ${chalk5.cyan("nodaddy status")}
+
+  https://dash.cloudflare.com/?to=/:account/domains/transfer
+
+Transfers typically take 1-5 days to complete.
+
+When you're done transferring domains, run
+  ${chalk5.cyan("nodaddy cleanup")}
+to remove stored credentials and personal info from this machine.`,
+      "Next Steps"
+    );
+  }
+  if (!migrationOptions.dryRun && failed.length > 0) {
+    p4.note(
+      `${failed.length} domain${failed.length === 1 ? "" : "s"} failed. Your progress has been saved.
+
+To retry failed domains:
+  ${chalk5.cyan("nodaddy resume")}
+
+To see what went wrong:
+  ${chalk5.cyan("nodaddy status")}
+
+Common fixes:
+  \u2022 "Resource is being used" \u2014 GoDaddy is still processing a
+    recent change. Wait a few minutes and run resume.
+  \u2022 Domain Protection \u2014 disable at https://dcc.godaddy.com
+  \u2022 Auth code issues \u2014 check your GoDaddy email inbox`,
+      "Failed Domains"
+    );
+  }
+  p4.outro(chalk5.green("Done!"));
+}
+
+// src/commands/list.ts
+import * as p5 from "@clack/prompts";
+import chalk6 from "chalk";
+import Table from "cli-table3";
+init_state_manager();
+async function listCommand() {
+  p5.intro(chalk6.bgCyan.black(" nodaddy \u2014 list domains "));
+  const gdKey = process.env.GODADDY_API_KEY;
+  const gdSecret = process.env.GODADDY_API_SECRET;
+  const config = getConfig();
+  const apiKey = gdKey || config.godaddy?.apiKey;
+  const apiSecret = gdSecret || config.godaddy?.apiSecret;
+  if (!apiKey || !apiSecret) {
+    p5.log.error(
+      "GoDaddy credentials not configured. Set GODADDY_API_KEY/GODADDY_API_SECRET env vars, or run `nodaddy migrate`."
+    );
+    process.exit(1);
+  }
+  const godaddy = new GoDaddyClient({ apiKey, apiSecret });
+  const s = p5.spinner();
+  s.start("Fetching domains from GoDaddy...");
+  try {
+    const domains = await godaddy.listDomains();
+    s.stop(`Found ${chalk6.bold(domains.length)} active domains`);
+    if (domains.length === 0) {
+      p5.log.info("No active domains found.");
+      p5.outro("");
+      return;
+    }
+    const table = new Table({
+      head: ["Domain", "Expires", "Locked", "Privacy", "Auto-Renew"],
+      style: { head: ["cyan"] }
+    });
+    for (const d of domains) {
+      const expires = d.expires ? new Date(d.expires).toLocaleDateString() : "\u2014";
+      const locked = d.locked ? chalk6.yellow("Yes") : chalk6.green("No");
+      const privacy = d.privacy ? chalk6.yellow("Yes") : chalk6.dim("No");
+      const autoRenew = d.renewAuto ? chalk6.yellow("Yes") : chalk6.dim("No");
+      table.push([d.domain, expires, locked, privacy, autoRenew]);
+    }
+    console.log(table.toString());
+    p5.outro(`${domains.length} domains total`);
+  } catch (err) {
+    s.stop("Failed to fetch domains");
+    p5.log.error(err instanceof Error ? err.message : String(err));
+    process.exit(1);
+  }
+}
+
+// src/commands/status.ts
+init_state_manager();
+import * as p6 from "@clack/prompts";
+import chalk7 from "chalk";
+import Table2 from "cli-table3";
+var STATUS_COLORS = {
+  pending: chalk7.dim,
+  dns_migrated: chalk7.blue,
+  unlocked: chalk7.blue,
+  auth_obtained: chalk7.blue,
+  ns_changed: chalk7.cyan,
+  transfer_initiated: chalk7.yellow,
+  completed: chalk7.green,
+  failed: chalk7.red
+};
+var STATUS_LABELS = {
+  pending: "Pending",
+  dns_migrated: "DNS Migrated",
+  unlocked: "Unlocked",
+  auth_obtained: "Auth Obtained",
+  ns_changed: "NS Changed",
+  transfer_initiated: "Transferring (1-5 days)",
+  completed: "Completed",
+  failed: "Failed"
+};
+var MEANINGFUL_STATUSES = /* @__PURE__ */ new Set([
+  "transfer_initiated",
+  "completed"
+]);
+async function statusCommand() {
+  p6.intro(chalk7.bgCyan.black(" nodaddy \u2014 migration status "));
+  const allMigrations = getAllMigrations();
+  if (allMigrations.length === 0) {
+    p6.log.info("No migrations found. Run `nodaddy migrate` to start one.");
+    p6.outro("");
+    return;
+  }
+  const meaningful = allMigrations.filter(
+    (m) => Object.values(m.domains).some((d) => MEANINGFUL_STATUSES.has(d.status))
+  );
+  if (meaningful.length === 0) {
+    p6.log.info("No completed transfers yet. Run `nodaddy migrate` to start one.");
+    p6.outro("");
+    return;
+  }
+  const domainMap = /* @__PURE__ */ new Map();
+  for (const migration of [...meaningful].reverse()) {
+    for (const d of Object.values(migration.domains)) {
+      if (MEANINGFUL_STATUSES.has(d.status)) {
+        domainMap.set(d.domain, d);
+      }
+    }
+  }
+  const domains = [...domainMap.values()].sort(
+    (a, b) => new Date(a.lastUpdated).getTime() - new Date(b.lastUpdated).getTime()
+  );
+  const table = new Table2({
+    head: ["Domain", "Status", "Last Updated"],
+    style: { head: ["cyan"] }
+  });
+  for (const d of domains) {
+    const colorFn = STATUS_COLORS[d.status] ?? chalk7.dim;
+    const label = STATUS_LABELS[d.status] ?? d.status;
+    const updated = new Date(d.lastUpdated).toLocaleString();
+    const statusText = d.error ? `${colorFn(label)} \u2014 ${chalk7.red(d.error.slice(0, 60))}` : colorFn(label);
+    table.push([d.domain, statusText, updated]);
+  }
+  console.log(table.toString());
+  const counts = domains.reduce(
+    (acc, d) => {
+      acc[d.status] = (acc[d.status] ?? 0) + 1;
+      return acc;
+    },
+    {}
+  );
+  const summary = Object.entries(counts).map(([status, count]) => {
+    const colorFn = STATUS_COLORS[status] ?? chalk7.dim;
+    return colorFn(`${STATUS_LABELS[status] ?? status}: ${count}`);
+  }).join(" | ");
+  p6.outro(`${domains.length} domain${domains.length === 1 ? "" : "s"} \u2014 ${summary}`);
+}
+
+// src/commands/resume.ts
+import * as p7 from "@clack/prompts";
+import chalk8 from "chalk";
+init_state_manager();
+async function resumeCommand() {
+  p7.intro(chalk8.bgCyan.black(" nodaddy \u2014 resume migration "));
+  const migration = getActiveMigration();
+  if (!migration) {
+    const allMigrations = getAllMigrations();
+    if (allMigrations.length === 0) {
+      p7.log.info("No migrations found. Run `nodaddy migrate` to start one.");
+      p7.outro("");
+      return;
+    }
+    p7.log.warn("No active migration. Use `nodaddy status` to review past migrations.");
+    p7.outro("");
+    return;
+  }
+  const resumable = getResumableDomains(migration.id);
+  const allDomains = Object.values(migration.domains);
+  const completed = allDomains.filter(
+    (d) => d.status === "completed" || d.status === "transfer_initiated"
+  );
+  p7.log.info(
+    `Migration ${chalk8.dim(migration.id.slice(0, 8))}: ${completed.length}/${allDomains.length} done, ${resumable.length} remaining`
+  );
+  if (resumable.length === 0) {
+    p7.log.success("All domains have been processed!");
+    p7.outro("");
+    return;
+  }
+  for (const d of resumable) {
+    const statusLabel = d.status === "failed" ? chalk8.red(`failed: ${d.error?.slice(0, 60)}`) : chalk8.yellow(d.status);
+    p7.log.message(`  ${d.domain} \u2014 ${statusLabel}`);
+  }
+  const confirmed = await p7.confirm({
+    message: `Resume migration for ${chalk8.bold(resumable.length)} domain${resumable.length === 1 ? "" : "s"}?`,
+    initialValue: true
+  });
+  if (p7.isCancel(confirmed) || !confirmed) {
+    p7.outro("Cancelled.");
+    return;
+  }
+  const config = getConfig();
+  const gd = config.godaddy;
+  const cf = config.cloudflare;
+  if (!gd?.apiKey || !gd?.apiSecret) {
+    p7.log.error("GoDaddy credentials not found. Run `nodaddy migrate` to set them up.");
+    process.exit(1);
+  }
+  if (!cf?.accountId) {
+    p7.log.error("Cloudflare credentials not found. Run `nodaddy migrate` to set them up.");
+    process.exit(1);
+  }
+  if (cf.authType === "global-key" && (!cf.apiKey || !cf.email)) {
+    p7.log.error("Cloudflare Global API Key credentials incomplete. Run `nodaddy migrate` to reconfigure.");
+    process.exit(1);
+  }
+  if (cf.authType === "token" && !cf.apiToken) {
+    p7.log.error("Cloudflare API Token not found. Run `nodaddy migrate` to reconfigure.");
+    process.exit(1);
+  }
+  const cfCreds = cf.authType === "global-key" ? { authType: "global-key", apiKey: cf.apiKey, email: cf.email, accountId: cf.accountId } : { authType: "token", apiToken: cf.apiToken, accountId: cf.accountId };
+  const godaddy = new GoDaddyClient(gd);
+  const cloudflare = new CloudflareClient(cfCreds);
+  let contact;
+  if (cf.authType === "global-key") {
+    contact = await collectRegistrantContact();
+  } else {
+    p7.log.warn(
+      "Scoped API tokens do not support registrar transfers. DNS will be migrated but domains will not be transferred."
+    );
+    contact = void 0;
+  }
+  const domainNames = resumable.map((d) => d.domain);
+  const tasks = createMigrationTasks(
+    domainNames,
+    godaddy,
+    cloudflare,
+    migration.id,
+    { dryRun: false, migrateRecords: true, proxied: false },
+    contact
+  );
+  const ctx = { results: /* @__PURE__ */ new Map() };
+  try {
+    await tasks.run(ctx);
+  } catch {
+  }
+  const succeeded = domainNames.filter((d) => ctx.results.get(d)?.success);
+  const failed = domainNames.filter((d) => !ctx.results.get(d)?.success);
+  if (failed.length === 0) {
+    p7.log.success("All domains resumed successfully.");
+  } else if (succeeded.length > 0) {
+    p7.log.warn(
+      `${chalk8.green(succeeded.length)} succeeded, ${chalk8.red(failed.length)} still failing`
+    );
+  } else {
+    p7.log.error(`All ${domainNames.length} domain${domainNames.length === 1 ? "" : "s"} failed again`);
+  }
+  if (failed.length > 0) {
+    p7.note(
+      `${failed.length} domain${failed.length === 1 ? "" : "s"} still failing. Progress is saved.
+
+You can run ${chalk8.cyan("nodaddy resume")} again after fixing the issue.
+
+Common fixes:
+  \u2022 "Resource is being used" \u2014 wait a few minutes and retry
+  \u2022 Domain Protection \u2014 disable at https://dcc.godaddy.com
+  \u2022 Auth code issues \u2014 check your GoDaddy email inbox`,
+      "Still Failing"
+    );
+  } else {
+    p7.note(
+      `Track transfer progress:
+  ${chalk8.cyan("nodaddy status")}
+
+  https://dash.cloudflare.com/?to=/:account/domains/transfer`,
+      "Next Steps"
+    );
+  }
+  p7.outro(chalk8.green("Done!"));
+}
+
+// src/commands/cleanup.ts
+init_state_manager();
+import * as p8 from "@clack/prompts";
+import chalk9 from "chalk";
+async function cleanupCommand() {
+  p8.intro(chalk9.bgCyan.black(" nodaddy \u2014 cleanup "));
+  const config = getConfig();
+  const migrations = getAllMigrations();
+  const storePath = getStorePath();
+  const items = [];
+  if (config.godaddy?.apiKey) {
+    items.push("GoDaddy API credentials");
+  }
+  if (config.cloudflare?.accountId) {
+    items.push("Cloudflare API credentials");
+  }
+  if (config.registrantContact) {
+    const c = config.registrantContact;
+    items.push(`Registrant contact (${c.first_name} ${c.last_name}, ${c.email})`);
+  }
+  if (migrations.length > 0) {
+    const domainCount = migrations.reduce(
+      (sum, m) => sum + Object.keys(m.domains).length,
+      0
+    );
+    items.push(`${migrations.length} migration${migrations.length === 1 ? "" : "s"} (${domainCount} domain${domainCount === 1 ? "" : "s"})`);
+  }
+  if (items.length === 0) {
+    p8.log.info("Nothing stored. Already clean!");
+    p8.outro("");
+    return;
+  }
+  p8.log.info(`Config file: ${chalk9.dim(storePath)}`);
+  p8.log.message("");
+  p8.log.warn("This will permanently delete:");
+  for (const item of items) {
+    p8.log.message(`  ${chalk9.red("\u2022")} ${item}`);
+  }
+  const confirmed = await p8.confirm({
+    message: "Delete all stored data?",
+    initialValue: false
+  });
+  if (p8.isCancel(confirmed) || !confirmed) {
+    p8.outro("Nothing deleted.");
+    return;
+  }
+  clearAll();
+  p8.log.success("All stored data has been deleted.");
+  p8.outro(chalk9.green("Clean!"));
+}
+
+// src/index.ts
+init_state_manager();
+
+// src/services/signal-handler.ts
+init_state_manager();
+function setupSignalHandlers() {
+  const handler = (signal) => {
+    const migration = getActiveMigration();
+    if (migration) {
+      const domains = Object.values(migration.domains);
+      const completed = domains.filter(
+        (d) => d.status === "completed" || d.status === "transfer_initiated"
+      ).length;
+      console.log(
+        `
+
+Interrupted (${signal}). Migration state saved (${completed}/${domains.length} domains processed).`
+      );
+      console.log("Run `nodaddy resume` to continue.\n");
+    } else {
+      console.log(`
+
+Interrupted (${signal}).
+`);
+    }
+    process.exit(1);
+  };
+  process.on("SIGINT", () => handler("SIGINT"));
+  process.on("SIGTERM", () => handler("SIGTERM"));
+}
+
+// src/index.ts
+var program = new Command();
+program.name("nodaddy").description(
+  "Bulk domain transfer from GoDaddy to Cloudflare"
+).version("1.0.0");
+program.command("migrate").description("Interactive migration wizard").option("--all", "Migrate all domains (skip selection)").option("--dry-run", "Preview without making changes").action(async (opts) => {
+  await migrateCommand(opts);
+});
+program.command("list").description("List GoDaddy domains").action(async () => {
+  await listCommand();
+});
+program.command("status").description("Check transfer status").action(async () => {
+  await statusCommand();
+});
+program.command("resume").description("Resume an interrupted migration").action(async () => {
+  await resumeCommand();
+});
+program.command("cleanup").description("Delete all stored credentials, contact info, and migration history").action(async () => {
+  await cleanupCommand();
+});
+program.command("config").description("Manage API credentials").option("--reset", "Clear stored credentials").action(async (opts) => {
+  if (opts.reset) {
+    clearConfig();
+    console.log("Credentials cleared.");
+  } else {
+    const { getConfig: getConfig2 } = await Promise.resolve().then(() => (init_state_manager(), state_manager_exports));
+    const config = getConfig2();
+    const hasGD = config.godaddy?.apiKey ? "configured" : "not set";
+    const hasCF = config.cloudflare?.accountId ? `configured (${config.cloudflare.authType ?? "token"})` : "not set";
+    console.log(`GoDaddy:    ${hasGD}`);
+    console.log(`Cloudflare: ${hasCF}`);
+    console.log(
+      "\nRun `nodaddy migrate` to set up credentials, or `nodaddy config --reset` to clear them."
+    );
+  }
+});
+setupSignalHandlers();
+program.action(async () => {
+  await migrateCommand({});
+});
+program.parse();