The 100ms default warning collided with ordinary cross-region internet
latency (e.g. transatlantic RTTs of ~100ms), causing spurious warnings
on healthy long-haul targets. Bump the default warning to 200ms and
factor the warning/critical defaults into package constants so the two
call sites can no longer drift.
Add the AGPL LICENSE file and a deployment-security note in the README
to clarify that the unauthenticated /collect endpoint must run on a
trusted network.
Fix the IPv6 reachability rule so it consults the IP actually probed:
PingTargetResult now carries ResolvedIP populated from pinger.IPAddr(),
which lets the rule classify hostname targets correctly instead of
always reporting "No IPv6 target pinged".
Tighten error handling: ipsFromService now propagates JSON errors,
ExtractMetrics wraps decode failures, the count option returns an
explicit error when out of range instead of silently clamping, and the
"all pings failed" message no longer concatenates every per-target
error. Threshold validation is factored into validateThresholdPair and
shared between the RTT and packet-loss rules.
Add unit tests covering address resolution, threshold validation, and
each rule's evaluation paths.
