feat: add godaddy api command for direct API access

[wcole1-godaddy]

Add a new command that allows direct, authenticated requests to any GoDaddy API endpoint, similar to gh api and vercel api. Features:

• Support for all HTTP methods (GET, POST, PUT, PATCH, DELETE)
• Field arguments (-f key=value) and JSON file body (-F path)
• Custom headers (-H "Key: Value")
• JSON path queries for filtering output (-q .path.to.value)
• Response header display (-i, --include)
• Debug mode shows request/response details (--debug)
• Proactive token expiry checking with helpful messages
• Specific handling for 401/403 responses

Also includes:

• Comprehensive documentation in README
• Unit tests for API module and command
• Improved test reliability for CI environments

To fix the problem, avoid building a single shell command string that embeds CLI_PATH. Instead, invoke node with arguments passed as an array so the path is not parsed by a shell. This removes any risk from spaces or metacharacters in process.cwd(); node receives the path as a literal argument.

The minimal, behavior-preserving change within tests/integration/cli-smoke.test.ts is:

• Keep execSync but stop using a shell-style command string.
• Call execSync with an array of arguments, and ensure shell is disabled so the command is executed directly.
• For each current use:
  • execSync(`node ${CLI_PATH} --help`, …) → execSync("node", [CLI_PATH, "--help"], { encoding: "utf-8", shell: false })
  • Similarly for application --help, --version, --env invalid-env env get, and nonexistent-command.
• Optionally, for pnpm run build, you can also avoid the shell; however, the reported issue concerns CLI_PATH, so we will leave that call unchanged to minimize scope, unless the broader project expects shell features there.

No new imports are needed; we are already importing execSync from node:child_process. All changes occur inside tests/integration/cli-smoke.test.ts on the lines where execSync is currently passed a template string involving CLI_PATH.

In general, to fix this issue you should avoid constructing a full shell command string that includes tainted or environment-derived paths and instead pass the executable and its arguments separately to an API that does not go through a shell (for Node’s child_process, that is execFileSync or spawnSync with an argument array). This prevents shell interpretation of spaces and special characters in file paths or arguments.

For this file, the best minimal-change fix is:

• Keep using execSync where it is only given a fixed string literal command (e.g., "pnpm run build"), because there is no tainted interpolation there.
• For every place where CLI_PATH is interpolated into a template string passed to execSync, switch to spawnSync (or execFileSync) and pass:
  • the command "node" as the executable,
  • an array of arguments containing CLI_PATH and the rest of the CLI arguments separately,
  • the encoding/stdio options as before.
• Update imports to include spawnSync from node:child_process.
• Adapt expectations:
  • Where the code previously captured execSync’s stdout as the return value, now read result.stdout from spawnSync.
  • Where the code previously wrapped execSync in expect(() => { ... }).toThrow(), now perform spawnSync and assert that status is non-zero (an error exit), which preserves the tested behavior without relying on thrown exceptions.

Specifically:

• In tests/integration/cli-smoke.test.ts:
  • Add spawnSync to the node:child_process import.
  • Replace the four execSync calls on lines 39, 50, 62, 75, and 87 that interpolate CLI_PATH with spawnSync("node", [CLI_PATH, ...args], { encoding: "utf-8", ... }), adjusting to capture stdout or assert on status as appropriate.

In general, the problem is that we’re building a single shell command string (node ${CLI_PATH} ...) that includes a path derived from process.cwd(), and passing it to execSync, which invokes a shell. To fix this, we should avoid the shell and pass the command and its arguments separately so that the path is not reinterpreted by the shell.

The best fix here is to switch all execSync calls that run node ${CLI_PATH} ... to use execFileSync (from node:child_process) with an argument array: execFileSync("node", [CLI_PATH, "--help"]), etc. This preserves existing behavior (we’re still running the same Node script with the same arguments) but removes any shell interpretation of CLI_PATH or other arguments. We will need to import execFileSync alongside execSync. For the pnpm run build invocation, the taint source is not involved and the command is static, so it can remain as-is; only the calls that interpolate CLI_PATH need changing.

Concretely in tests/integration/cli-smoke.test.ts:

• Update the import on line 1 to include execFileSync.
• Replace the execSync calls that construct commands using template literals with execFileSync("node", [...args]):
  • Help test: execSync(\node ${CLI_PATH} --help`, ...)→execFileSync("node", [CLI_PATH, "--help"], ...)`.
  • Subcommand help: execSync(\node ${CLI_PATH} application --help`, ...)→execFileSync("node", [CLI_PATH, "application", "--help"], ...)`.
  • Version: execSync(\node ${CLI_PATH} --version`, ...)→execFileSync("node", [CLI_PATH, "--version"], ...)`.
  • Invalid env: execSync(\node ${CLI_PATH} --env invalid-env env get`, ...)→execFileSync("node", [CLI_PATH, "--env", "invalid-env", "env", "get"], ...)`.
  • Unknown command: execSync(\node ${CLI_PATH} nonexistent-command`, ...)→execFileSync("node", [CLI_PATH, "nonexistent-command"], ...)`.

No other behavioral changes are needed.