Adds the post-handover wizard step that delegates the parent zone (e.g.
omani.works) to the new Sovereign's PowerDNS, plus a light catalyst-api
stub for live execution in Phase 8.
Wizard (UI):
- New StepNSDelegation slotted as terminal post-handover step (after
StepSuccess) so the LB IP is in hand before we ask the operator to
delegate.
- Default mode: emit-runbook only. Renders the exact set_dns2 curl
command with add_dns_to_current_setting=yes (record-preserving) for
copy-paste. NEVER embeds the API key — operator exports
$DYNADOT_API_KEY in their shell.
- Auto-apply mode: gated behind a toggle + double-confirm field
matching the parent zone. Defaults OFF. POSTs to a stub
/api/v1/dns/parent-zone/delegate which is 501 today; the wizard
surfaces a "Phase 8" hint instead of a generic error.
- Memory rule honoured: NO live set_dns2 call reachable on a normal
wizard flow without explicit operator double-confirm.
- 17 new vitest cases (helper + render + auto-apply gating + 501
stub-aware error) all green.
Catalyst-API (Go):
- Extends existing internal/dynadot package (canonical seam — no new
package, no PDM source touched).
- New Client.AddNSDelegation(parentZone, sovereignFQDN, lbIP, extraNS)
writes 3 NS + 1 glue A record using add_dns_to_current_setting=yes.
Fail-closed via IsManagedDomain gate (refuses to call the API for an
unmanaged zone).
- New pure BuildNSDelegationRunbook helper that mirrors the JSX-side
buildDynadotRunbookCommand so wizard and API emit the same shape.
- 6 new test cases (happy path / unmanaged-zone refusal / table-driven
validation / custom NS hosts / runbook builder) all green.
Per ticket #374 scope: wizard step + emitted runbook + light stub;
live execution deferred to Phase 8 of the omantel handover WBS. WBS
row updated to wizard-shipped state.
Co-authored-by: hatiyildiz <hatiyildiz@noreply.github.com>
6e7a878b1c