refactor: consolidate website response parsing and stabilize facade naming

[inwardflow]

Summary

This PR continues the second large refactor pass for the website module and prepares the SDK for a cleaner public GitHub release surface.

Core changes

• extract duplicated website response parsing into shared helpers
• add common abstractions for boolean, text, map, and map-list website responses
• migrate website query APIs to the shared parsing model
• normalize WebsiteOperations read-side naming toward list*
• keep old read-side aliases as deprecated compatibility shims

Tests

• add and expand unit tests for wrapped and direct website payload parsing
• cover failure payload preservation and missing-field contract checks
• add facade delegation tests for the preferred website read methods

Docs

• document the website parsing conventions in architecture docs
• refresh README for GitHub-facing usage and API conventions
• update changelog with the parser and facade stabilization work

Commit breakdown

1. refactor: consolidate website response parsing
2. test: cover website parser abstractions
3. docs: document website parsing conventions

Verification

• ./mvnw verify

Privacy check

• no local secrets were included
• no src/test/resources/application-test.properties values were committed
• no .idea/, tmp/, or other local workspace artifacts were included

Notes

• integration tests remain opt-in
• the repository still contains unrelated local changes outside this PR scope, but they were intentionally excluded from these commits

[inwardflow]

Pushed a follow-up commit for write-side facade stabilization.

Additional changes

• add preferred action-oriented write methods in WebsiteOperations
• keep legacy set* / close* / deleteDomain methods as deprecated compatibility shims
• normalize parameter naming toward siteId, websiteName, remark, perServer, and perIp
• add dedicated WebsiteOperationsWriteTest
• update README facade naming guidance for write operations

Verification

• ./mvnw verify

Latest commit: e41f64c refactor: stabilize website write facade naming

[inwardflow]

Follow-up API cleanup pushed.

Based on the decision to treat this SDK as pre-1.0 and avoid compatibility baggage, the website facade no longer keeps deprecated alias methods.

Additional cleanup

• remove old read-side aliases such as rawList, getTypes, getPhpVersions, getDomains, getPhpExtensions, getSslList, and getBackups
• remove old write-side aliases such as deleteDomain, setRemark, setRootPath, setRunPath, setUserIni, setPhpVersion, setPhpExtension, setRewriteRules, setNginxConfig, setPassword, closePassword, setSsl, closeSsl, setLogs, and setLimitNet
• keep WebsiteOperations focused on the final preferred API surface only
• update README to document the canonical facade methods without deprecated shim language

Verification

• ./mvnw verify

Latest commit: f49c060 refactor: remove website facade compatibility aliases

[inwardflow]

Another follow-up refactor pushed.

Additional changes

• introduce typed facade option objects for complex website commands
• replace long parameter lists with WebsiteDeleteOptions, WebsiteSslCertificateOptions, and WebsiteLimitNetOptions
• add validation tests for the new option objects
• update README to recommend the typed option-based facade methods

Verification

• ./mvnw verify

Latest commit: ba50c6c refactor: add typed website facade option objects

[inwardflow]

Pushed another follow-up refactor focused on string-heavy website facade commands.

Additional changes

• add typed request objects for domain binding and removal
• add typed request objects for password protection, rewrite rules, and nginx config updates
• move the corresponding WebsiteOperations methods away from raw string-heavy signatures
• expand facade option tests and write-side delegation coverage
• update README to recommend the new typed command objects

Verification

• ./mvnw verify

Latest commit: 781a27e refactor: type website string-heavy facade commands

[inwardflow]

Added another focused refactor increment in 4073815 (refactor: type website creation facade workflow).

What changed:

• introduced WebsiteCreateRequest as the typed facade request for website creation
• replaced the long-parameter website facade entrypoint with website().create(WebsiteCreateRequest request)
• kept create(CreateWebsiteApi api) available for advanced low-level usage
• added request validation/default coverage and request-to-API parameter mapping tests
• updated integration fixtures and README examples to use the typed request

Validation:

• ./mvnw.cmd -B -ntp "-Dtest=WebsiteFacadeOptionsTest,WebsiteOperationsWriteTest" test
• ./mvnw.cmd -B -ntp verify

Note:

• targeted integration test execution against the configured panel currently fails during setup with SSLHandshakeException / PKIX path building failed, which looks environment-specific (certificate trust chain) rather than caused by this refactor.

[gitguardian]

⚠️ GitGuardian has uncovered 3 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
29330820	Triggered	Username Password	055c83f	src/test/java/net/heimeng/sdk/btapi/integration/FtpIntegrationTest.java	View secret
29330821	Triggered	Generic Password	055c83f	src/test/java/net/heimeng/sdk/btapi/facade/DatabaseFacadeRequestsTest.java	View secret
29330821	Triggered	Generic Password	055c83f	src/test/java/net/heimeng/sdk/btapi/facade/DatabaseOperationsTest.java	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secrets safely. Learn here the best practices.
3. Revoke and rotate these secrets.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[inwardflow]

Added another focused refactor increment in 055c83f (refactor: type database and ftp facade workflows).

What changed:

• introduced typed facade requests for database write flows:
  • DatabaseCreateRequest
  • DatabaseDeleteRequest
  • DatabasePasswordUpdateRequest
• introduced typed facade requests for FTP write flows:
  • FtpCreateRequest
  • FtpDeleteRequest
  • FtpPasswordUpdateRequest
• updated DatabaseOperations and FtpOperations to use typed requests instead of long parameter lists
• normalized password mutation naming to updatePassword(...)
• removed FTP facade write-time hidden account resolution in favor of explicit request data
• added facade request validation + parameter mapping tests
• updated database/FTP integration fixtures and README examples to the typed facade style

Validation:

• ./mvnw.cmd -B -ntp "-Dtest=DatabaseOperationsTest,DatabaseFacadeRequestsTest,FtpOperationsTest,FtpFacadeRequestsTest" test
• full unit-test / compile / checkstyle run via ./mvnw.cmd -B -ntp verify reached 319 passing tests
• targeted formatting check for this increment passed via spotless:check -DspotlessFiles=...

Note:

• full spotless:check across the whole worktree is currently blocked by pre-existing unrelated formatting deltas in other SSL-related files already present in the dirty tree, so I intentionally did not normalize those here.