Migrate to checker-sdk-go v1.3.0 with standalone build tag

The SDK split the HTTP server scaffolding into the new
checker-sdk-go/checker/server subpackage and CheckRule.Evaluate now
returns []CheckState. Update main.go to import server and call
server.New, switch the rule and the package-level Evaluate helper to
the new slice return type, and isolate the interactive form code
behind the standalone build tag so plugin/builtin builds skip
net/http and html/template entirely.

Dockerfile

@@ -6,7 +6,7 @@ WORKDIR /src
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
-RUN CGO_ENABLED=0 go build -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-delegation .
+RUN CGO_ENABLED=0 go build -tags standalone -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-delegation .
 
 FROM scratch
 COPY --from=builder /checker-delegation /checker-delegation

Makefile

@@ -6,12 +6,12 @@ CHECKER_SOURCES := main.go $(wildcard checker/*.go)
 
 GO_LDFLAGS := -X main.Version=$(CHECKER_VERSION)
 
-.PHONY: all plugin docker clean
+.PHONY: all plugin docker test clean
 
 all: $(CHECKER_NAME)
 
 $(CHECKER_NAME): $(CHECKER_SOURCES)
-	go build -ldflags "$(GO_LDFLAGS)" -o $@ .
+	go build -tags standalone -ldflags "$(GO_LDFLAGS)" -o $@ .
 
 plugin: $(CHECKER_NAME).so
 
@@ -21,5 +21,8 @@ $(CHECKER_NAME).so: $(CHECKER_SOURCES) $(wildcard plugin/*.go)
 docker:
 	docker build --build-arg CHECKER_VERSION=$(CHECKER_VERSION) -t $(CHECKER_IMAGE) .
 
+test:
+	go test -tags standalone ./...
+
 clean:
 	rm -f $(CHECKER_NAME) $(CHECKER_NAME).so

checker/collect.go

@@ -164,7 +164,7 @@ func (p *delegationProvider) Collect(ctx context.Context, opts sdk.CheckerOption
 				if len(dsMissing) > 0 || len(dsExtra) > 0 {
 					sev := SeverityCrit
 					if len(declaredDS) == 0 {
-						// Service does not declare any DS but parent has some — warn only.
+						// Service does not declare any DS but parent has some, warn only.
 						sev = SeverityWarn
 					}
 					data.Findings = append(data.Findings, DelegationFinding{

checker/dns.go

@@ -19,7 +19,7 @@ const dnsTimeout = 5 * time.Second
 
 // dnsExchange sends a single query to the given server using the requested
 // transport ("" for UDP, "tcp"). The server address must already include a
-// port. RecursionDesired is forced off — this checker only talks to
+// port. RecursionDesired is forced off, this checker only talks to
 // authoritative servers.
 func dnsExchange(ctx context.Context, proto, server string, q dns.Question, edns bool) (*dns.Msg, error) {
 	client := dns.Client{Net: proto, Timeout: dnsTimeout}
@@ -77,7 +77,7 @@ func resolveHost(ctx context.Context, host string) ([]string, error) {
 // resolver returns NOERROR with an answer.
 //
 // If hintParent is non-empty, it is used as the assumed parent and we only
-// resolve its NS — this matches happyDomain's data model where the parent
+// resolve its NS, this matches happyDomain's data model where the parent
 // zone is known.
 func findParentZone(ctx context.Context, fqdn, hintParent string) (zone string, servers []string, err error) {
 	zone = dns.Fqdn(hintParent)

checker/evaluate.go

@@ -9,7 +9,7 @@ import (
 // Evaluate folds findings into a single CheckState. The status is the
 // highest severity observed: any Crit makes the whole result Crit, any Warn
 // makes it Warn, otherwise OK.
-func Evaluate(data *DelegationData) sdk.CheckState {
+func Evaluate(data *DelegationData) []sdk.CheckState {
 	status := sdk.StatusOK
 	var crit, warn, info int
 	for _, f := range data.Findings {
@@ -37,7 +37,7 @@ func Evaluate(data *DelegationData) sdk.CheckState {
 		msg = fmt.Sprintf("Delegation of %s: %d critical, %d warning, %d info", data.DelegatedFQDN, crit, warn, info)
 	}
 
-	return sdk.CheckState{
+	return []sdk.CheckState{{
 		Status:  status,
 		Message: msg,
 		Code:    "delegation_result",
@@ -49,5 +49,5 @@ func Evaluate(data *DelegationData) sdk.CheckState {
 			"parent_ds":      data.ParentDS,
 			"child_serials":  data.ChildSerials,
 		},
-	}
+	}}
 }

checker/interactive.go

@@ -0,0 +1,139 @@
+//go:build standalone
+
+package checker
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"strings"
+
+	"github.com/miekg/dns"
+
+	sdk "git.happydns.org/checker-sdk-go/checker"
+)
+
+// RenderForm exposes a single "delegated domain" input for the standalone
+// /check route. The parent zone is derived by stripping the left-most label
+// and the declared NS / DS sets are resolved via the system resolver.
+func (p *delegationProvider) RenderForm() []sdk.CheckerOptionField {
+	return []sdk.CheckerOptionField{
+		{
+			Id:          "domain",
+			Type:        "string",
+			Label:       "Delegated domain",
+			Placeholder: "sub.example.com",
+			Required:    true,
+			Description: "Fully-qualified name of the delegated zone to check.",
+		},
+	}
+}
+
+// ParseForm turns the submitted domain into the CheckerOptions that Collect
+// expects: the parent zone, the sub-label, and a synthesized
+// abstract.Delegation service populated with the NS / DS records resolved
+// via the system resolver.
+func (p *delegationProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
+	domain := strings.TrimSpace(r.FormValue("domain"))
+	if domain == "" {
+		return nil, errors.New("domain is required")
+	}
+	fqdn := dns.Fqdn(domain)
+	labels := dns.SplitDomainName(fqdn)
+	if len(labels) < 2 {
+		return nil, fmt.Errorf("%q has no parent zone", domain)
+	}
+	parentZone := strings.Join(labels[1:], ".")
+	subdomain := labels[0]
+
+	resolver, err := interactiveResolver()
+	if err != nil {
+		return nil, err
+	}
+
+	nsRecords, err := lookupDelegationNS(resolver, fqdn)
+	if err != nil {
+		return nil, fmt.Errorf("NS lookup for %s: %w", domain, err)
+	}
+	if len(nsRecords) == 0 {
+		return nil, fmt.Errorf("no NS records found for %s", domain)
+	}
+	dsRecords, err := lookupDelegationDS(resolver, fqdn)
+	if err != nil {
+		return nil, fmt.Errorf("DS lookup for %s: %w", domain, err)
+	}
+
+	body, err := json.Marshal(delegationService{NameServers: nsRecords, DS: dsRecords})
+	if err != nil {
+		return nil, fmt.Errorf("marshal delegation service: %w", err)
+	}
+
+	svc := serviceMessage{
+		Type:    "abstract.Delegation",
+		Domain:  parentZone,
+		Service: body,
+	}
+
+	return sdk.CheckerOptions{
+		"domain_name": parentZone,
+		"subdomain":   subdomain,
+		"service":     svc,
+	}, nil
+}
+
+func interactiveResolver() (string, error) {
+	cfg, err := dns.ClientConfigFromFile("/etc/resolv.conf")
+	if err != nil || len(cfg.Servers) == 0 {
+		return net.JoinHostPort("1.1.1.1", "53"), nil
+	}
+	return net.JoinHostPort(cfg.Servers[0], cfg.Port), nil
+}
+
+func lookupDelegationNS(resolver, fqdn string) ([]*dns.NS, error) {
+	msg := new(dns.Msg)
+	msg.SetQuestion(fqdn, dns.TypeNS)
+	msg.RecursionDesired = true
+
+	c := new(dns.Client)
+	in, _, err := c.Exchange(msg, resolver)
+	if err != nil {
+		return nil, err
+	}
+	if in.Rcode != dns.RcodeSuccess && in.Rcode != dns.RcodeNameError {
+		return nil, fmt.Errorf("rcode %s", dns.RcodeToString[in.Rcode])
+	}
+
+	var out []*dns.NS
+	for _, rr := range in.Answer {
+		if ns, ok := rr.(*dns.NS); ok {
+			out = append(out, ns)
+		}
+	}
+	return out, nil
+}
+
+func lookupDelegationDS(resolver, fqdn string) ([]*dns.DS, error) {
+	msg := new(dns.Msg)
+	msg.SetQuestion(fqdn, dns.TypeDS)
+	msg.RecursionDesired = true
+	msg.SetEdns0(4096, true)
+
+	c := new(dns.Client)
+	in, _, err := c.Exchange(msg, resolver)
+	if err != nil {
+		return nil, err
+	}
+	if in.Rcode != dns.RcodeSuccess && in.Rcode != dns.RcodeNameError {
+		return nil, fmt.Errorf("rcode %s", dns.RcodeToString[in.Rcode])
+	}
+
+	var out []*dns.DS
+	for _, rr := range in.Answer {
+		if ds, ok := rr.(*dns.DS); ok {
+			out = append(out, ds)
+		}
+	}
+	return out, nil
+}

checker/rule.go

@@ -33,14 +33,14 @@ func (r *delegationRule) ValidateOptions(opts sdk.CheckerOptions) error {
 	return nil
 }
 
-func (r *delegationRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts sdk.CheckerOptions) sdk.CheckState {
+func (r *delegationRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts sdk.CheckerOptions) []sdk.CheckState {
 	var data DelegationData
 	if err := obs.Get(ctx, ObservationKeyDelegation, &data); err != nil {
-		return sdk.CheckState{
+		return []sdk.CheckState{{
 			Status:  sdk.StatusError,
 			Message: fmt.Sprintf("Failed to get delegation data: %v", err),
 			Code:    "delegation_error",
-		}
+		}}
 	}
 	return Evaluate(&data)
 }

go.mod

@@ -3,7 +3,7 @@ module git.happydns.org/checker-delegation
 go 1.25.0
 
 require (
-	git.happydns.org/checker-sdk-go v0.0.1
+	git.happydns.org/checker-sdk-go v1.3.0
 	github.com/miekg/dns v1.1.72
 )
 

go.sum

@@ -1,5 +1,5 @@
-git.happydns.org/checker-sdk-go v0.0.1 h1:4RxCJr73HWKxjOyU/6NJMO8lXJmH0gMLA68EzTqLbQI=
+git.happydns.org/checker-sdk-go v1.3.0 h1:FG2kIhlJCzI0m35EhxSgn4UWc9M4ha6aZTeoChu4l7A=
-git.happydns.org/checker-sdk-go v0.0.1/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
+git.happydns.org/checker-sdk-go v1.3.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=

main.go

@@ -5,7 +5,7 @@ import (
 	"log"
 
 	delegation "git.happydns.org/checker-delegation/checker"
-	sdk "git.happydns.org/checker-sdk-go/checker"
+	"git.happydns.org/checker-sdk-go/checker/server"
 )
 
 var listenAddr = flag.String("listen", ":8080", "HTTP listen address")
@@ -21,8 +21,8 @@ func main() {
 
 	delegation.Version = Version
 
-	server := sdk.NewServer(delegation.Provider())
+	srv := server.New(delegation.Provider())
-	if err := server.ListenAndServe(*listenAddr); err != nil {
+	if err := srv.ListenAndServe(*listenAddr); err != nil {
 		log.Fatalf("server error: %v", err)
 	}
 }