Validate the federation tester URI placeholder, escape the domain, set
a client timeout, cap the response body, and ship CA certificates in
the scratch image so HTTPS calls succeed. Sort hosts, connection
reports, and errors when rendering so output is deterministic, and
deduplicate TLS problems. Drop the deprecated aggregate Rule() and add
tests for collection and rules.
When no endpoint is reached, the TLS posture cannot be assessed —
this is a non-evaluation, not an informational finding.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add USER 65534:65534 to the scratch runtime image so the checker
process does not run as root.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace the single matrix_federation rule with individual rules for
federation status, well-known delegation, SRV records, connection
reachability, TLS checks, and homeserver version, so the UI surfaces a
clear checklist. Drop the incorrect well-known/server_name equality
check: m.server points at the delegated federation endpoint, which is
intentionally distinct from server_name.
The SDK split the HTTP server scaffolding into the new
checker-sdk-go/checker/server subpackage. Update main.go to import
server and call server.New, and isolate the interactive form code
behind the standalone build tag so plugin/builtin builds skip
net/http entirely.
