Add the AGPL LICENSE file and a deployment-security note in the README
to clarify that the unauthenticated /collect endpoint must run on a
trusted network.
Fix the IPv6 reachability rule so it consults the IP actually probed:
PingTargetResult now carries ResolvedIP populated from pinger.IPAddr(),
which lets the rule classify hostname targets correctly instead of
always reporting "No IPv6 target pinged".
Tighten error handling: ipsFromService now propagates JSON errors,
ExtractMetrics wraps decode failures, the count option returns an
explicit error when out of range instead of silently clamping, and the
"all pings failed" message no longer concatenates every per-target
error. Threshold validation is factored into validateThresholdPair and
shared between the RTT and packet-loss rules.
Add unit tests covering address resolution, threshold validation, and
each rule's evaluation paths.
Pierre-Olivier Mercier
2aa596afd5