Address publication review feedback

Add the AGPL LICENSE file and a deployment-security note in the README to clarify that the unauthenticated /collect endpoint must run on a trusted network. Fix the IPv6 reachability rule so it consults the IP actually probed: PingTargetResult now carries ResolvedIP populated from pinger.IPAddr(), which lets the rule classify hostname targets correctly instead of always reporting "No IPv6 target pinged". Tighten error handling: ipsFromService now propagates JSON errors, ExtractMetrics wraps decode failures, the count option returns an explicit error when out of range instead of silently clamping, and the "all pings failed" message no longer concatenates every per-target error. Threshold validation is factored into validateThresholdPair and shared between the RTT and packet-loss rules. Add unit tests covering address resolution, threshold validation, and each rule's evaluation paths.
2026-04-26 10:40:32 +07:00 · 2026-04-26 10:40:32 +07:00 · 2aa596afd5
commit 2aa596afd5
parent 706fc2a4c1
17 changed files with 1291 additions and 33 deletions
--- a/README.md
+++ b/README.md
@ -58,6 +58,17 @@ make docker CHECKER_VERSION=1.2.3

 Set the `endpoint` admin option for the ping checker to the URL of the running checker-ping server (e.g., `http://checker-ping:8080`). happyDomain will delegate observation collection to this endpoint.

+### Deployment
+
+The `/collect` endpoint has no built-in authentication and will issue
+ICMP probes to whatever hostnames or IP addresses the caller supplies,
+including private (RFC 1918), loopback, link-local, and cloud metadata
+addresses (e.g. `169.254.169.254`). It is meant to run on a trusted
+network, reachable only by the happyDomain instance that drives it.
+Restrict access via a reverse proxy with authentication, a network ACL,
+or by binding the listener to a private interface; do not expose it
+directly to the public internet.
+
 ## Protocol

 ### POST /collect